Writing my first forensic tool in Go

Overview

While reading Hands-On System Programming with Go, I discovered the debug/pe package. To learn more about using Go, I decided to spend a few days building a static forensic tool centered around the use of this package. The debug/pe package provides functions that make analyzing a PE file easier. Promising functions and types include: Open, ImportedLibraries, FileHeader, OptionalHeader32/64, and StringTable. Limiting myself to a span of a week, I'm reporting on the functions I've applied to penut, a simple PE file static analysis tool, and what the next steps are to build upon the application....

January 20, 2021 · 5 min